HTTP: IIS 4.0/5.0 Malformed .htr Request (AuthChangeUrl)
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Information Server (IIS). IIS versions 4.0 and 5.0 are vulnerable. Attackers can send malformed .htr requests that can cause a denial-of-service (DoS) condition.
Extended Description
The virtual directory within IIS 4.0 and 5.0 contains .htr files which permits users to change passwords remotely. If a user initiates a password change request containing malformed data, the server CPU becomes fully utilized until the administrator performs a reboot to regain normal functionality. The patch available for this issue creates a similar vulnerability which is exploited by appending %3F+.htr to a request.
Affected Products
Microsoft iis
References
BugTraq: 1191
CVE: CVE-2000-0304
URL: http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx
Short Name
HTTP:IIS:MALFORMED-HTR-REQUEST
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(AuthChangeUrl) .htr 4.0/5.0 CVE-2000-0304 IIS Malformed Request bid:1191
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3604
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.0